So, according to the U.S. Department of Homeland Security, October is National Cyber Security Awareness Month. Alrighty then… First off, who in the heck is still using the term cyberspace (#cyber-anything #monstrously-outdated)? Please accept my apologies for the digression. As all good network-responsible administrators know, every bloody day is IT security awareness day. That said, I'll take this opportunity to expound and add my two cents as relates to the education field.
Whether you're addressing a single elementary school, a group of public schools or an entire university setting, many of the same conditions apply. You've got to consider faculty, administrative staff, including perhaps school board members and last but not least, students. These groups all have varying requirements with respect to access, collaboration and of course, security.
In general, the access requirements of these groups, combined with the array of available computing technologies can present a significant challenge for IT staff in education settings. This can be complicated by the fact that IT in any educational organization, although sometimes centralized or at least partially centralized, tends to be segregated by departments or disciplines - a legacy from early computing implementations which were managed by faculty in the absence of qualified IT staff. As such, security policies and implementations can often be convoluted by the sporadic interconnectivity of these varying systems which are often different architecturally, (mainframe/Windows/Apple/Linux, etc.).
Faculty primarily uses desktop computers, with laptops and smartphones becoming more prevalent. Faculty requires access to research sources (including the Internet), administrative applications (as users), classroom networks and course-specific applications when applicable.
Administrative staff, similar to faculty, also uses desktop computers, with laptops and smartphones becoming more prevalent. Administration requires varying levels of access to administrative applications and Internet access.
Students likely and more increasingly, carry laptops or notepad computers as well as smartphones. Students require access to research sources, (including restricted Internet access), and course-specific applications. Students also have access to lab environments for specific applications/coursework.
The daily challenges for IT in education can be mitigated through interdepartmental communication and collaboration as well as through initiatives for centralization. In the meantime, these security challenges must be managed either by separation of risks (e.g. smartphones connect only through secured web interfaces) or by policy-driven adherence (e.g. all IT entities must adhere to specific configurations, including anti-virus and local machine settings, as defined collaboratively or centrally.)
At the end of the day, security for research (intellectual property) remains paramount, followed closely by local and mobile computing hardening (against malicious attack), followed by mitigation of liability (inappropriate Internet use or administrative application tampering).
Happy National Cyber Security Awareness Month and keep collaborating!
Department of Homeland Security: http://www.dhs.gov/national-cyber-security-awareness-month
https://www.google.com/search?q=IT+Security+education&oq=IT+Security+education&aqs=chrome..69i57j0l3.7210j0j1&sourceid=chrome&ie=UTF-8
https://www.google.com/search?q=Nation+It+security+month&oq=Nation+It+security+month&aqs=chrome..69i57.5179j0j1&sourceid=chrome&ie=UTF-8